Our Blog

There’s a glaring gap between the public perception of the autonomous vehicle industry, and what’s actually happening at the R&D facilities around the world. While the public still treats any news about cars that drive themselves as almost-magic, engineers who work on...

In the last months, our automated vulnerability detection platform has been working continuously, researching different products from various vendors. The platform found very interesting results, including Heap Overflows, Use After Frees, Uninitialized Data Accesses,...

A very exciting Patch Tuesday for us at Cybellum, with 5 CVEs published for vulnerabilities discovered by our automated vulnerability detection platform. Four of them are in Adobe products, whereas the fifth is byproduct of a decision reversal by Microsoft Security...

With every passing year, the IT security market gets bigger and bigger. The increase in frequency and scope of attacks, driven by the ever-growing amount of valuable data stored on computers, created a huge demand for defensive solutions. Each of them has a unique...

Bug bounties are great, aren’t they? A company decides that instead of just testing their product in-house, it will also open the challenge to outside developers, and compensate them for their effort. Crowdsourced security at its best, with more of the attack surface...

Introduction This post explores the Type Confusion discovered by Cybellum's automated vulnerability detection platform in Microsoft Word. It was reported to Microsoft on August 21st. Microsoft has confirmed the vulnerability, and patched it as part of October 2017...

Ask a DevSecOps evangelist what it’s all about, and they’ll tell you that it’s the mindset that makes everyone care about product security - an idyllic scenario where through changes to company workflows and addition of new tools, products are built in a more secure...

In 2014, Lenovo decided to trust third party software. What became a severe security incident, started when adware from a company named Superfish was installed on Lenovo laptops, ostensibly “to provide users with real-time price comparisons”, but with a nasty...

Introduction Cybellum is the developer of the first automated vulnerability detection technology on the market. Our platform detects vulnerabilities in compiled code, even when they don’t cause a crash, without performance impact on the tested software. The week of...

Introduction This post explores the Type Confusion discovered by Cybellum's automated vulnerability detection platform in Edge and Internet Explorer. It was reported to Microsoft on August 21st. Microsoft has confirmed the vulnerability. Cybellum's platform discovers...

Cybellum was founded because there's an industry blindspot around vulnerability detection. Software vulnerabilities aren't detected soon enough, assessed for risk well enough, and fixed quickly enough to deal with the rising tide of new threat actors - all of whom are...

See how Cybellum uses dynamic analysis to detect ulnerabilities in C/C++ closed binaries. Get a free demo. OverviewOur research team has uncovered a new Zero-Day attack for taking full control over major antiviruses and next-generation antiviruses. Instead of hiding...

See how Cybellum uses dynamic analysis to detect ulnerabilities in C/C++ closed binaries. Get a free demo. Overview We’d like to introduce a new Zero-Day technique for injecting code and maintaining persistency on a machine (i.e. auto-run) dubbed DoubleAgent....

In 2014, the Heartbleed bug made the data of millions of web-users publicly available to unauthorized third party access. When Cloudbleed leaked user info late last month, it seemed to some like deja-vu. Once again, private information like passwords, chats, hotel...

The cyber world has become a dominant entity throughout the world and with it, cyber threats have also increased significantly. Reports suggest that in 2016, Ransomware became a major headache for thousands of people and businesses affecting individuals both at a...

The term ‘kill chain’ was originally used as a military concept related to the structure of an attack. In 2011 Lockheed Martin adopted the term for cyber security, modeling network intrusion. In this post we zoom in, model and simplify the Zero-Day kill chain, a chain...